nanog mailing list archives

Re: Where NAT disenfranchises the end-user ...

From: "Circusnuts" <Circusnuts () home com>
Date: Sun, 9 Sep 2001 09:21:54 -0400


Yep- NAT showed up in Cisco IOS in the 11.2 version.  I am definitely not an
expert on this subject, but a couple of things come to mind when running
through these posts:

NAT is almost always (or needs to be) configured in an overload state (or
PAT).  If your NAT pool should become to small for your users (good rule of
10 users to 1 IP), you can always check the translation statistics & start
to move you pool accordingly.  Unless I'm missing some sort of breach with
the occasional port table (when overload begins) it works quite well with
users heading to the Internet.

As far as the history of NAT, it's a band aide that offers some security
(sucks to trouble shoot @ times too).  NAT is a selling tool today for home
users & ISP's that don't want to cough up addresses.  As soon as IPV6 comes
online, NAT will offer almost no value add.

.02
Phil


----- Original Message -----
From: "Adam McKenna" <adam-nanog () flounder net>
To: "NANOG (E-mail)" <nanog () merit edu>
Sent: Friday, September 07, 2001 3:31 AM
Subject: Re: Where NAT disenfranchises the end-user ...


On Thu, Sep 06, 2001 at 10:29:21PM -0700, Roeland Meyer wrote:


|> From: Eric A. Hall [mailto:ehall () ehsco com]
|> Sent: Thursday, September 06, 2001 9:49 PM

|> > "Charles Sprickman" <spork () inch com>
|>
|> > NAT has it's place, and we have many happy customers that are quite
|> > pleased with their NAT'd connections; some simple, some fancy.
|>
|> NATs are a band-aid.

ip_masq started out as a cheap way to cheat ISPs that wouldn't allocate

IP

addrs to dial-up users (home users have no need for a LAN?), or wanted

to

charge an arm'n'leg for every IP addr. This irked the Linux community
sufficiently that they wrote a "cure". Unfortunately, the popularity of

the

"cure" superceded the need.


Erm, sorry, but NAT was alive and well on Cisco routers long before it was

in

the Linux kernel.

--Adam

--
Adam McKenna <adam () flounder net>   | GPG: 17A4 11F7 5E7E C2E7 08AA
http://flounder.net/publickey.html |      38B0 05D0 8BF7 2C6D 110A

Current thread:

RE: end2end? (was: RE: Where NAT disenfranchises the end-user ...), (continued)
- - - RE: end2end? (was: RE: Where NAT disenfranchises the end-user ...) Tony Hain (Sep 07)
    - Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...) Andy Dills (Sep 07)
    - Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...) Adam McKenna (Sep 07)
    - Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...) bmanning (Sep 07)
    - Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...) steve uurtamo (Sep 07)
    - Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...) Leo Bicknell (Sep 07)
    - RE: end2end? (was: RE: Where NAT disenfranchises the end-user ...) Mike Batchelor (Sep 07)
- Re: Where NAT disenfranchises the end-user ... Bob K (Sep 06)
- RE: Where NAT disenfranchises the end-user ... Roeland Meyer (Sep 06)
  - Re: Where NAT disenfranchises the end-user ... Adam McKenna (Sep 07)
    - Re: Where NAT disenfranchises the end-user ... Circusnuts (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Alex Bligh (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Jared Mauch (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Bob K (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Jared Mauch (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Daniel Senie (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Brian Whalen (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Randy Bush (Sep 09)
    - Re: Where NAT disenfranchises the end-user ... Scott Gifford (Sep 10)
- RE: Where NAT disenfranchises the end-user ... Roeland Meyer (Sep 07)
- RE: Where NAT disenfranchises the end-user ... Jim Shankland (Sep 07)

(Thread continues...)